OVD 11g: How To Workaround Constraint Violation Errors On DB Adapters For Values Too Big For The Column Size? (Doc ID 1346879.1)

Last updated on JULY 01, 2016

Applies to:

Oracle Virtual Directory - Version 11.1.1.2.0 and later
Information in this document applies to any platform.

Goal

How to workaround or prevent Oracle Virtual Directory (OVD) 11g throwing a constraint violation error and an error about the value being too big for the column size while using a Database (DB) adapter?

Scenario:
When using a Database (DB) adapter in OVD, the CN column in the DB adapter is smaller then the CN value for some Active Directory (AD) accounts. OVD is throwing a constraint violation error and an error about the value being too big for the column size. In this situation the DB column is defined as 30 characters, but the AD value that it is trying to compare is over / bigger than 30 characters. Increasing the column size in the DB is not an option at this time.

Steps to Reproduce:
Create a DB adapter in OVD with a column of 30 characters. Create an LDAP to DB mapping and map this 30 character column to an ldap attribute such a CN. When attempting to match values over 30 characters OVD reports a constraint violation error and an error about the value being too big for the column size.

OVD log shows, for example:

...<snip>...
[2011-06-09T18:16:56.277-07:00] [octetstring] [TRACE] [OVD-00012] [com.octetstring.vde.backend.db.EnterpriseRoles.BackendDB] [tid: 33] [ecid: 0000J1r7tH62ZNK5qVCCyY1DwMtT00000f,0] [SRC_CLASS: com.octetstring.vde.util.VDELogger] [SRC_METH
OD: debug] [#EnterpriseRoles] Looking for Objectclass: groupOfUniqueNames.
[2011-06-09T18:16:56.277-07:00] [octetstring] [TRACE] [] [com.octetstring.vde.backend.db.EnterpriseRoles.BackendDB] [tid: 33] [ecid: 0000J1r7tH62ZNK5qVCCyY1DwMtT00000f,0] [SRC_CLASS: com.octetstring.vde.util.VDELogger] [SRC_METHOD: debug
] [#EnterpriseRoles] SQL: SELECT DISTINCT MYAPPDB.USERS_TO_ROLES_VW.ROLE_DESCRIPTION FROM MYAPPDB.USERS_TO_ROLES_VW WHERE MYAPPDB.USERS_TO_ROLES_VW.ROLE_DESCRIPTION IN ( SELECT MYAPPDB.USERS_TO_ROLES_VW.ROLE_DESCRIPTION FROM MYAPPDB.USERS_TO_ROLES_VW WHERE ( (UPPER(MYAPPDB.USERS_TO_ROLES_VW.USER_ID) = UPPER( ? )) ) ) ORDER BY MYAPPDB.USERS_TO_ROLES_VW.ROLE_DESCRIPTION
[2011-06-09T18:16:56.277-07:00] [octetstring] [TRACE] [] [com.octetstring.vde.backend.db.EnterpriseRoles.DBAttrMapping] [tid: 33] [ecid: 0000J1r7tH62ZNK5qVCCyY1DwMtT00000f,0] [SRC_CLASS: com.octetstring.vde.util.VDELogger] [SRC_METHOD: debug] Value is too big: MYAPPDB.USERS_TO_ROLES_VW.USER_ID, max col size=30
[2011-06-09T18:16:56.277-07:00] [octetstring] [ERROR] [OVD-60172] [com.octetstring.vde.backend.db.EnterpriseRoles.BackendDB] [tid: 33] [ecid: 0000J1r7tH62ZNK5qVCCyY1DwMtT00000f,0] Error getting matches.[[
com.octetstring.vde.util.DirectoryException: LDAP Error 19 : Constraint Violation
at com.octetstring.vde.backend.db.DBAttrMapping.setStatement(DBAttrMapping.java:378)
at com.octetstring.vde.backend.db.DBAttrMapping.setStatement(DBAttrMapping.java:525)
at com.octetstring.vde.backend.db.BackendDB.getMatches(BackendDB.java:2123)
at com.octetstring.vde.backend.db.BackendDB.get(BackendDB.java:883)
...<snip>...
A bi_server-diagnostic.log can show:

[2015-03-12T09:02:44.607-06:00] [bi_server1] [NOTIFICATION] [LIBOVD-20044] [oracle.ods.virtualization.accesslog] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0054HYh1EqZ5EgIqyoR_6G0006JS00009G,0:2:1:16:1] [APP: bisecurity#11.1.1] [J2EE_APP.name: bisecurity_11.1.1] [J2EE_MODULE.name: bisecurity] [WEBSERVICE.name: SecurityWebService] [WEBSERVICE_PORT.name: SecurityWebServicePort] [URI: /analytics/saw.dll] conn=31 op=1 RESULT err=1 tag=0 nentries=0 etime=0 dbtime=0 mem=140,825,672/602,996,736
[2015-03-12T09:02:44.608-06:00] [bi_server1] [NOTIFICATION] [] [oracle.bi.security.service] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0054HYh1EqZ5EgIqyoR_6G0006JS00009G,0:2:1:16:1] [APP: bisecurity#11.1.1] [J2EE_APP.name: bisecurity_11.1.1] [J2EE_MODULE.name: bisecurity] [WEBSERVICE.name: SecurityWebService] [WEBSERVICE_PORT.name: SecurityWebServicePort] [URI: /analytics/saw.dll] SecurityService::executeIdentity store provider error[[
oracle.bi.security.service.SecurityServiceException: SecurityService::executeIdentity store provider error
at oracle.bi.security.service.GetUsersAction.execute(GetUsersAction.java:73)

...<etc>...

Caused by: oracle.bi.security.service.IdentityStoreProviderException: oracle.security.idm.OperationFailureException: oracle.ods.virtualization.service.VirtualizationException: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 1 : [LDAP: error code 1 - LDAP Error 1 : com.octetstring.vde.util.DirectoryException: LDAP Error 19 : Constraint Violation]
at oracle.bi.security.service.URIdentityStoreProvider.collectUsersForSearch(URIdentityStoreProvider.java:282)
... 54 more
Caused by: oracle.security.idm.OperationFailureException: oracle.ods.virtualization.service.VirtualizationException: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 1 : [LDAP: error code 1 - LDAP Error 1 : com.octetstring.vde.util.DirectoryException: LDAP Error 19 : Constraint Violation]
at oracle.security.idm.providers.libovd.util.LibOVDRealm.throwException(LibOVDRealm.java:675)

...<etc>...

... 68 more
Caused by: javax.naming.NamingException: [LDAP: error code 1 - LDAP Error 1 : com.octetstring.vde.util.DirectoryException: LDAP Error 19 : Constraint Violation]; remaining name 'ou=myou,dc=mycompany,dc=com'

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms